History: Jan 27, 2022 - 12:27 p.m.

CVE-2021-44795 Modifying User Permissions via Unauthorized Access in Single Connect

2022-01-27 12:27:14
CWE-862
TR-CERT
www.cve.org

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 5.5
Confidence: High

EPSS: 0.001
Percentile: 44.0%

Single Connect does not perform an authorization check when using the “sc-assigned-credential-ui” module. A remote attacker could exploit this vulnerability to modify users' permissions. Exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Single Connect",
    "vendor": "Kron",
    "versions": [
      {
        "lessThan": "2.16",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
